Oracle Internet Directory Component Characteristics

8-16 Oracle Fusion Middleware High Availability Guide

8.3.1.1 Oracle Internet Directory Component Characteristics

Oracle Internet Directory, which is Oracle’s LDAP store, is a C-based component that uses a database as its persistence store. It is a stateless process and stores all of the data and the majority of its configuration information in the back-end database. It uses Oracle Net Services to connect to the database.

Table 8–4 (Cont.) An Oracle Internet Directory Node

Element: Oracle directory replication server
Description: Also called a replication server, it tracks and sends changes to replication servers in another Oracle Internet Directory system. There can be only one replication server on a node. You can choose whether to configure the replication server. If there are multiple instances of Oracle Internet Directory that use the same database, only one of them can be running replication. This is true even if the Oracle Internet Directory instances are on different nodes. The replication server process is a process within Oracle Internet Directory. It only runs when replication is configured. For more information about Oracle Internet Directory replication, refer to Chapter 10, "Configuring Identity Management for Maximum High Availability."

Element: Oracle Database Server
Description: Stores the directory data. Oracle strongly recommends that you dedicate a database for use by the directory. The database can reside on the same node as the directory server instances.

Element: Oracle Process Manager and Notification Server (OPMN)
Description: Manages Oracle Internet Directory as an Oracle Fusion Middleware component. OPMN uses the directives in the OID component snippet in ORACLE_INSTANCE/opmn.xml and invokes OIDMON and OIDCTL as required. The command-line utility is opmnctl.

Element: OID Monitor (OIDMON)
Description: Initiates, monitors, and terminates the LDAP server and replication server processes. When you invoke process management commands, such as oidctl or opmnctl, or when you use Fusion Middleware Control to start or stop server instances, your commands are interpreted by this process. OIDMON also monitors servers and restarts them if they have stopped running for abnormal reasons. OIDMON starts a default instance of OIDLDAPD. If the default instance of OIDLDAPD is stopped using the OIDCTL command, then OIDMON stops the instance. When OIDMON is restarted by OPMN, OIDMON restarts the default instance. All OID Monitor activity is logged in the file ORACLE_INSTANCE/diagnostics/log/OID/component_id/oidmon-xxxx.log. This file is on the Oracle Internet Directory server file system. OID Monitor checks the state of the servers through mechanisms provided by the operating system.

Element: OID Control Utility (OIDCTL)
Description: Communicates with OID Monitor by placing message data in Oracle Internet Directory server tables. This message data includes configuration parameters required to run each Oracle directory server instance. Normally used from the command line only to stop and start the replication server.

8.3.1.1.1 Runtime Processes

Oracle Internet Directory has the following runtime processes:

■ OIDLDAPD: This is the main process for Oracle Internet Directory. OIDLDAPD consists of a dispatcher process and a server process. The dispatcher process spawns the OIDLDAPD server processes during startup. Each OIDLDAPD dispatcher process has its own SSL and non-SSL ports for receiving requests. Every OID instance has one dispatcher and one server process by default. The number of server processes spawned for an instance is controlled by the orclserverprocs attribute.

■ OIDMON: OIDMON is responsible for the process control of an Oracle Internet Directory instance. This process starts, stops, and monitors Oracle Internet Directory. During startup OIDMON spawns the OIDLDAPD dispatcher process and the replication server process, if replication is configured for the instance.

■ Replication server process: This is a process within Oracle Internet Directory that runs only when replication is configured. The replication server process is spawned by OIDMON during startup.

■ OPMN: The Oracle Process Manager and Notification Server (OPMN) is a daemon process that monitors Oracle Fusion Middleware components, including Oracle Internet Directory. Oracle Enterprise Manager Fusion Middleware Control uses OPMN to stop or start instances of Oracle Internet Directory. If you stop or start Oracle Internet Directory components from the command line, you use opmnctl, the command-line interface to OPMN. OPMN is responsible for the direct start, stop, restart and monitoring of OIDMON. It does not start or stop the server process directly.

8.3.1.1.2 Process Lifecycle

OPMN is responsible for the direct start, stop, restart and monitoring of the daemon process, OIDMON (ORACLE_HOME/bin/oidmon). OIDMON is responsible for the process control of an Oracle Internet Directory instance. In 11g Release 1 (11.1.1), you can have multiple instances of Oracle Internet Directory on the same Oracle instance on the same node. For details, refer to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

Process Status Table

Oracle Internet Directory process information is maintained in the ODS_PROCESS_STATUS table in the ODS database user schema. OIDMON reads the contents of the table at a specified interval and acts upon the intent conveyed by the contents of that table. The interval is controlled by the value of the sleep command-line argument used at OIDMON startup, and the default value is 10 seconds.

Starting and Stopping Oracle Internet Directory

An Oracle Internet Directory instance can be started and stopped using the Oracle Enterprise Manager Fusion Middleware Control or the command opmnctl.

Start Process

The start process for Oracle Internet Directory is:

1. Upon receiving the start command, OPMN issues an oidmon start command with appropriate arguments, as specified in the opmn.xml file.

2. OIDMON then starts all Oracle Internet Directory Server instances whose information in the ODS_PROCESS_STATUS table has state value 1 or 4 and ORACLE_INSTANCE, COMPONENT_NAME, INSTANCE_NAME values matching the environment parameters set by OPMN.

Stop Process

The stop process for Oracle Internet Directory is:

1. Upon receiving the stop command, OPMN issues an oidmon stop command.

2. For each row in the ODS_PROCESS_STATUS table that matches the environment parameters ORACLE_INSTANCE, COMPONENT_NAME, and INSTANCE_NAME, the oidmon stop command kills OIDMON, OIDLDAPD, and OIDREPLD processes and updates the state to 4.

Monitoring

OPMN does not monitor server processes directly. OPMN monitors OIDMON and OIDMON monitors the server processes. The events are:

■ When you start OIDMON through OPMN, OPMN starts OIDMON and ensures that OIDMON is up and running.

■ If OIDMON goes down for some reason, OPMN brings it back up.

■ OIDMON monitors the status of the Oracle Internet Directory dispatcher process, LDAP server processes, and replication server process and makes this status available to OPMN and Oracle Enterprise Manager Fusion Middleware Control.
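The start and stop rules above can be modelled in a few lines to show which rows of a shared ODS_PROCESS_STATUS table one OIDMON acts on. This is an added example, not Oracle code: the field names, the server_id key, the sample rows, and the state value 2 are constructed for illustration, and only the row selection and the state update are modelled, not the process kill.

```python
from dataclasses import dataclass

STARTABLE = {1, 4}  # states that "oidmon start" acts on, per the text above
STOPPED = 4         # state written by "oidmon stop"

@dataclass
class StatusRow:
    # Field names are illustrative, not the real ODS_PROCESS_STATUS columns.
    oracle_instance: str
    component_name: str
    instance_name: str
    server_id: int      # hypothetical key to tell matching rows apart
    state: int

def matches(row, env):
    """True when the row carries the environment values OPMN set for this OIDMON."""
    return (row.oracle_instance, row.component_name, row.instance_name) == env

def oidmon_start(table, env):
    """Rows OIDMON would start: environment matches and state is 1 or 4."""
    return [r for r in table if matches(r, env) and r.state in STARTABLE]

def oidmon_stop(table, env):
    """Set every matching row to state 4 and return those rows."""
    hit = [r for r in table if matches(r, env)]
    for r in hit:
        r.state = STOPPED
    return hit

def sample_table():
    """Constructed rows: two Oracle instances sharing one ODS schema."""
    return [
        StatusRow("/u01/inst_a", "oid1", "inst_a", 1, 1),
        StatusRow("/u01/inst_a", "oid1", "inst_a", 2, 2),  # 2: some state other than 1 or 4
        StatusRow("/u02/inst_b", "oid2", "inst_b", 1, 1),
    ]

ENV_A = ("/u01/inst_a", "oid1", "inst_a")

if __name__ == "__main__":
    table = sample_table()
    print([r.server_id for r in oidmon_start(table, ENV_A)])
    oidmon_stop(table, ENV_A)   # rows for inst_b are left untouched
    print([r.server_id for r in oidmon_start(table, ENV_A)])
    print(table[2].state)
```

Because stop writes state 4 to every matching row, a row that was not startable before the stop becomes startable afterwards, while rows belonging to the other Oracle instance keep their state.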

8.3.1.1.3 Request Flow

Once the Oracle Internet Directory process starts up, clients access Oracle Internet Directory using the LDAP or LDAPS protocol. There is no impact on other running instances when an Oracle Internet Directory instance starts up.

Oracle Internet Directory listener/dispatcher starts a configured number of server processes at startup time. The number of server processes is controlled by the orclserverprocs attribute in the instance-specific configuration entry. The default value for orclserverprocs is 1. Multiple server processes enable Oracle Internet Directory to take advantage of multiple processor systems.

The Oracle Internet Directory dispatcher process sends the LDAP connections to the Oracle Internet Directory server process in a round robin fashion. The maximum number of LDAP connections accepted by each server is 1024 by default. This number can be increased by changing the attribute orclmaxldapconns in the instance-specific configuration entry, which has a DN of the form:

cn=componentname,cn=osdldapd,cn=subconfigsubentry

Database connections from each server process are spawned at server startup time, depending on the value set for the instance configuration parameters ORCLMAXCC and ORCLPLUGINWORKERS. The number of database connections spawned by each server equals ORCLMAXCC + ORCLPLUGINWORKERS + 2. The Oracle Internet Directory server processes communicate with the Oracle database server through Oracle Net Services. An Oracle Net Services listener/dispatcher relays the request to the Oracle database. For more information, refer to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.
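When several instances share one database, the per-server figures above multiply by orclserverprocs and add up across instances. The following added example (not Oracle code) sizes a deployment from instance configuration entries; the LDIF sample, the component names oid1 and oid2, the attribute values, and the db_session_budget parameter are constructed, and the parser assumes simple unfolded "name: value" lines.

```python
DEFAULTS = {"orclserverprocs": 1, "orclmaxldapconns": 1024}  # defaults stated above
REQUIRED = ("orclmaxcc", "orclpluginworkers")  # no default is given on this page

# Constructed entries for two instances that share one database.
SAMPLE_LDIF = """\
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
orclserverprocs: 4
orclmaxcc: 10
orclpluginworkers: 2

dn: cn=oid2,cn=osdldapd,cn=subconfigsubentry
orclmaxldapconns: 2048
ORCLMAXCC: 2
ORCLPLUGINWORKERS: 2
"""

def parse_entries(ldif):
    """Split blank-line separated entries into dicts with lower-cased attribute names."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry[name.strip().lower()] = value.strip()
        entries.append(entry)
    return entries

def size_instance(entry):
    """Connection ceilings for one instance, from the rules in the request flow."""
    missing = [a for a in REQUIRED if a not in entry]
    if missing:
        raise ValueError(f"{entry.get('dn')}: missing {missing}")
    procs = int(entry.get("orclserverprocs", DEFAULTS["orclserverprocs"]))
    ldap_per_server = int(entry.get("orclmaxldapconns", DEFAULTS["orclmaxldapconns"]))
    db_per_server = int(entry["orclmaxcc"]) + int(entry["orclpluginworkers"]) + 2
    return {"dn": entry["dn"],
            "ldap_ceiling": procs * ldap_per_server,
            "db_conns": procs * db_per_server}

def size_deployment(ldif, db_session_budget):
    """Return per-instance sizes, total DB connections, and whether the budget holds."""
    sized = [size_instance(e) for e in parse_entries(ldif)]
    total = sum(s["db_conns"] for s in sized)
    return sized, total, total <= db_session_budget

if __name__ == "__main__":
    for row in size_deployment(SAMPLE_LDIF, 60)[0]:
        print(row)
```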

8.3.1.1.4 Configuration Artifacts

The storage location requires a DB connect string. TNSNAMES.ORA is stored in ORACLE_INSTANCE/config. The wallet is stored in ORACLE_INSTANCE/OID/admin. The DB ODS user password is stored in the wallet.

8.3.1.1.5 External Dependencies

Oracle Internet Directory uses an Oracle database to store configuration information as well as data. It uses the ODS schema to store this information. The Oracle directory replication server uses LDAP to communicate with an Oracle directory (LDAP) server instance. To communicate with the database, all components use OCI/Oracle Net Services. Oracle Directory Services Manager and the command-line tools communicate with the Oracle directory servers over LDAP.

8.3.1.1.6 Oracle Internet Directory Log File

Log files for Oracle Internet Directory are under the following directory:

ORACLE_INSTANCE/diagnostics/log/OID

Table 8–5 shows Oracle Internet Directory processes and the log file name and location for the process. For more information on using the log files to troubleshoot Oracle Internet Directory issues, see Section 8.3.6, "Troubleshooting Oracle Internet Directory High Availability."

8.3.2 Oracle Internet Directory High Availability Concepts